CLAIMS 

What is claimed is: 



1 1 . A method for providing users associated with an organization access to documents 

2 that belong to a set of documents, comprising the steps of: 

3 storing hierarchy data that identifies 

4 a set of nodes that correspond to ORG-UNITS associated with the 

5 organization; and 

6 hierarchical relationships between said nodes that reflect hierarchical 

7 relationships between the ORG-UNITS that correspond to said nodes; 

8 establishing a first mapping between the users and the set of nodes based on the 

9 ORG-UNITS to which the users belong; 

10 establishing a second mapping between the documents in said set of documents and 

1 1 the set of nodes; and 

12 determining which documents in said set of documents a user is allowed to access 

13 based on the hierarchy data, the first mapping and the second mapping. 

1 2. The method of Claim 1 wherein the step of determining includes 

\ 

2 determining that the user may access only a subset of documents in said 

3 set of documents, wherein said subset includes only documents that 

4 either: 

5 map to a node to which the user maps; or 

6 map to a node that, according to said hierarchical relationships, resides below a node 

7 to which the user maps. 
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3. The method of Claim 2 further comprising the step of allowing the user to access the 
subset of documents without conveying to said user any information about documents 
in said set of documents that are not in said subset. 

4. The method of Claim 1 further comprising the step of automatically synchronizing 
the hierarchy data based on a new set of hierarchy information. 

5. The method of Claim 4 wherein the step of automatically synchronizing includes the 
steps of: 

inserting nodes that appear in the new set of hierarchy information but not in the 

hierarchy data into the hierarchy data; 
moving nodes that have new positions in the new set of hierarchy information to new 

positions in the hierarchy data; and 
deleting nodes that appear in the hierarchy data but not in the new set of hierarchy 

information. 

6. The method of Claim 5 wherein the step of inserting is performed before the step of 
moving, and the step of moving is performed before the step of deleting. 

7. The method of Claim 5 wherein the step of inserting involves traversing the hierarchy 
represented by the new hierarchy information. 

8. The method of Claim 7 wherein the step of traversing is performed using a transversal 
technique that ensures parent nodes are processed before their children nodes. 

9. The method of Claim 8 wherein the step of traversing is performed using a left-most 
tree transversal. 



50277-1545 (OID 2000-078-01) 



-23- 



1 0. The method of Claim 1 wherein the step of determining which documents said user is 
allowed to access is performed in response to a request received by a web server over 
a network from a browser on a client being used by said user. 

1 1 . The method of Claim 1 further comprising the steps of: 

storing said set of documents in a repository accessible to said server; and 
providing from said repository to said user over said network one or more documents 
that said user is allowed to access. 

12. The method of Claim 1 1 further comprising the step of implementing said repository 
in a relational database system. 

13. A computer-readable medium carrying instructions for providing users associated 
with an organization access to documents that belong to a set of documents, the 
instructions including instructions for performing the steps of: 

storing hierarchy data that identifies 

a set of nodes that correspond to ORG-UNITS associated with the 
organization; and 

hierarchical relationships between said nodes that reflect hierarchical 

relationships between the ORG-UNITS that correspond to said nodes; 
establishing a first mapping between the users and the set of nodes based on the 

ORG-UNITS to which the users belong; 
establishing a second mapping between the documents in said set of documents and 

the set of nodes; and 
determining which documents in said set of documents a user is allowed to access 

based on the hierarchy data, the first mapping and the second mapping. 
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14. The computer-readable medium of Claim 13 wherein the step of 
determining includes determining that the user may access only a subset 
of documents in said set of documents, wherein said subset includes 
only documents that either: 

map to a node to which the user maps; or 

map to a node that, according to said hierarchical relationships, resides below a node 
to which the user maps. 

15. The computer-readable medium of Claim 14 further comprising instructions for 
performing the step of allowing the user to access the subset of documents without 
conveying to said user any information about documents in said set of documents that 
are not in said subset. 

16. The computer-readable medium of Claim 13 further comprising instructions for 
performing the step of automatically synchronizing the hierarchy data based on a 
new set of hierarchy information. 

17. The computer-readable medium of Claim 16 wherein the step of automatically 
synchronizing includes the steps of: 

inserting nodes that appear in the new set of hierarchy information but not in the 

hierarchy data into the hierarchy data; 
moving nodes that have new positions in the new set of hierarchy information to new 

positions in the hierarchy data; and 
deleting nodes that appear in the hierarchy data but not in the new set of hierarchy 

information. 
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1 18. The computer-readable medium of Claim 1 7 wherein the step of inserting is 

2 performed before the step of moving, and the step of moving is performed before the 

3 step of deleting. 

1 1 9. The computer-readable medium of Claim 1 7 wherein the step of inserting involves 

2 traversing the hierarchy represented by the new hierarchy information. 

1 20. The computer-readable medium of Claim 19 wherein the step of traversing is 

2 performed using a transversal technique that ensures parent nodes are processed 
^ 3 before their children nodes. 

y 1 21 . The computer-readable medium of Claim 20 wherein the step of traversing is 
CS 2 performed using a left-most tree transversal. 

03 l 22. The computer-readable medium of Claim 13 wherein the step of determining which 
tag: 2 documents said user is allowed to access is performed in response to a request 

g 3 received by a web server over a network from a browser on a client being used by 

U 4 said user. 

D 

1 23. The computer-readable medium of Claim 13 further comprising instructions for 

2 performing the steps of: 

3 storing said set of documents in a repository accessible to said server; and 

4 providing from said repository to said user over said network one or more documents 

5 that said user is allowed to access. 

1 24. The computer-readable medium of Claim 23 further comprising instructions for 

2 performing the step of implementing said repository in a relational database system. 
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